Application Security https://cyreslab.org/trainings/category/Application-Security
en
Secure Coding (C, C++ and Java) https://cyreslab.org/training/secure-coding-C-C%2B%2B-and-java
<span>Secure Coding (C, C++ and Java)</span>
<div class="field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>This is a set of trainings and workshops designed and delivered by Robert Seacord and the CERT-SEI team, Carnegie Mellon. They provide a detailed explanation of common programming principles and errors in C and C++ and describe how these errors can lead to code that is vulnerable to exploitation. These seminars focus on security issues intrinsic to the C and C++ programming languages and associated libraries, with the intent to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.</p>
<hr /></div>
<span><span lang="" about="https://cyreslab.org/index.php/user/1" typeof="schema:Person" property="schema:name" datatype="" content="administrator@cyreslab.org" xml:lang="">administrator@…</span></span>
<span>Tue, 07/03/2018 - 14:35</span>
Tue, 03 Jul 2018 11:35:11 +0000 administrator@cyreslab.org 91 at https://cyreslab.org
C/C++ Secure Coding and Binary Security in Linux https://cyreslab.org/training/Introduction-to-CCPP-Secure-Coding-and-Binary-Security-in-Linux
<span>C/C++ Secure Coding and Binary Security in Linux</span>
<div class="field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><span><span>Compared with other technologies, C and C++ pose unique and difficult challenges to the process of continuously writing and delivering quality code without security issues. The great power that a developer possesses over, for example, memory management brings the responsibility to write code that deals properly with object lifecycles, manages buffers correctly and handles many other aspects that have no equivalent in languages with automatic memory management.</span></span></p>
<p> </p>
<p><span><span>This hands-on course introduces developers to the most critical mistakes made when writing C and C++ code, how to properly mitigate them at the language and OS level, and what exactly the impact of such vulnerabilities is – how an attacker could exploit buffer overflows, integer flaws or race conditions. The course is focused on the Linux platform, as many of the attack and mitigation techniques are OS-specific.</span></span></p>
<p> </p>
<p><u><strong>Course agenda:</strong></u></p>
<ul><li>Buffer Overflows
<ul><li>Stack-based</li>
<li>Heap-based</li>
<li>Mitigation</li>
</ul></li>
<li>Integer Security
<ul><li>Integer rules in C and C++</li>
<li>Vulnerabilities and mitigation</li>
</ul></li>
<li>Format String Vulnerabilities</li>
<li>Linux File and I/O security
<ul><li>File attributes in Linux</li>
<li>TOCTOU vulnerabilities</li>
<li>Path resolution and dynamic library injection</li>
<li>Basics of Secure Network Programming</li>
</ul></li>
<li>Basics of Static and Dynamic analysis and countermeasures</li>
</ul><p> </p>
<p><u><strong>Ideal for:</strong></u> The course is technical and is aimed at developers who use C and/or C++ on a daily basis but have no particular experience in binary security.</p>
<p> </p>
<p><u><strong>Prerequisites:</strong></u> Knowledge of Linux, C and/or C++ and their respective toolchains.</p>
<p><br /><em>Participants should bring a laptop/notebook with a Linux installation and the standard build toolchain for Linux – gcc, gdb, as well as any IDE/tools they prefer.</em></p>
<p> </p>
<p><u><strong>Certificate:</strong></u> Upon successful completion of the course, attendees will receive a certificate from ESI CEE.</p>
<hr /></div>
<span><span lang="" about="https://cyreslab.org/index.php/user/1" typeof="schema:Person" property="schema:name" datatype="" content="administrator@cyreslab.org" xml:lang="">administrator@…</span></span>
<span>Thu, 02/08/2018 - 14:33</span>
Thu, 08 Feb 2018 12:33:01 +0000 administrator@cyreslab.org 61 at https://cyreslab.org